In v1.x of Sigstore, you could sign multiple files and receive all output files by default based on the name of the input file (i.e. Python-3.11.5.tgz -> Python-3.11.5.tgz.sigstore, etc.).
In v2.x, the only default file is the bundle. To also generate crt/sig files you must supply --certificate and --signature, but those options require a filename. There's no way (that I can find) to opt-in to receive those files with their default names.
To provide a suggestion on a potential addition of this feature: allow --certificate and --signature to be provided as flags without a filename to receive the default behavior?
Calling sigstore multiple times is a work-around for this problem (once per artifact, supplying the names yourself). I don't necessarily consider this issue a blocker since it can be worked around, but it would require using the SIGSTORE_IDENTITY_TOKEN environment variable to avoid needing to request identity from verifier multiple times.
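The workaround described in the issue, sketched as an added example (not part of the original report and not the project's own code): one `sigstore sign` call per artifact with explicit output names, reusing a token already exported as SIGSTORE_IDENTITY_TOKEN. The `.crt`/`.sig` suffixes are assumed from the "crt/sig files" wording above, and `sign_each` and `SIGSTORE_BIN` are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example: per-artifact signing with outputs named after the input file.
# SIGSTORE_BIN is a hypothetical override (handy for dry runs); the default
# is the real CLI on PATH.
SIGSTORE_BIN="${SIGSTORE_BIN:-sigstore}"

# sign_each FILE...
# Runs one signing invocation per artifact. The identity token is read by the
# CLI from SIGSTORE_IDENTITY_TOKEN, so no interactive identity prompt is needed
# for each file and the token never appears on the command line.
sign_each() {
    if [ -z "${SIGSTORE_IDENTITY_TOKEN:-}" ]; then
        echo "SIGSTORE_IDENTITY_TOKEN is not set" >&2
        return 2
    fi
    for se_artifact in "$@"; do
        if [ ! -f "$se_artifact" ]; then
            echo "not a file: $se_artifact" >&2
            return 1
        fi
        # Refuse to overwrite signing material left by an earlier run, so a
        # stale certificate is never paired with a fresh signature.
        for se_out in "$se_artifact.crt" "$se_artifact.sig" "$se_artifact.sigstore"; do
            if [ -e "$se_out" ]; then
                echo "refusing to overwrite: $se_out" >&2
                return 1
            fi
        done
        "$SIGSTORE_BIN" sign \
            --certificate "$se_artifact.crt" \
            --signature "$se_artifact.sig" \
            --bundle "$se_artifact.sigstore" \
            "$se_artifact" || return 1
    done
}

# Usage (file names are placeholders):
#   export SIGSTORE_IDENTITY_TOKEN=...   # obtained once, out of band
#   sign_each Python-3.11.5.tgz Python-3.11.5.tar.xz
```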